IEEE Transactions on Software Engineering - Special issue on computer security and privacy
A multimodel methodology for qualitative model engineering
ACM Transactions on Modeling and Computer Simulation (TOMACS)
ACM Transactions on Modeling and Computer Simulation (TOMACS)
IEEE Transactions on Pattern Analysis and Machine Intelligence
Intrusion detection using autonomous agents
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
An agent-based approach for building complex software systems
Communications of the ACM
A framework for constructing features and models for intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Service specific anomaly detection for network intrusion detection
Proceedings of the 2002 ACM symposium on Applied computing
Lightweight agents for intrusion detection
Journal of Systems and Software
Anomalous system call detection
ACM Transactions on Information and System Security (TISSEC)
A formal framework for connective stability of highly decentralized cooperative negotiations
Autonomous Agents and Multi-Agent Systems
CAMNEP: agent-based network intrusion detection system
Proceedings of the 7th international joint conference on Autonomous agents and multiagent systems: industrial track
WI-IAT '08 Proceedings of the 2008 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology - Volume 02
ACM Computing Surveys (CSUR)
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Protecting a Moving Target: Addressing Web Application Concept Drift
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Adaptive Anomaly Detection via Self-calibration and Dynamic Updating
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Runtime Monitoring and Dynamic Reconfiguration for Intrusion Detection Systems
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Inside Cyber Warfare: Mapping the Cyber Underworld
Inside Cyber Warfare: Mapping the Cyber Underworld
Integrated Detection of Attacks Against Browsers, Web Applications and Databases
EC2ND '09 Proceedings of the 2009 European Conference on Computer Network Defense
Detecting Intrusions through System Call Sequence and Argument Analysis
IEEE Transactions on Dependable and Secure Computing
Agent-based distributed intrusion alert system
IWDC'04 Proceedings of the 6th international conference on Distributed Computing
| Hi-index | 0.00 |
Many computer protection tools incorporate learning techniques that build mathematical models to capture the characteristics of system's activity and then check whether live system's activity fits the learned models. This approach, referred to as anomaly detection, has enjoyed immense popularity because of its effectiveness at recognizing unknown attacks (under the assumption that attacks cause glitches in the protected system). Typically, instead of building a single complex model, smaller, partial models are constructed, each capturing different features of the monitored activity. Such multimodel paradigm raises the non-trivial issue of combining each partial model to decide whether or not the activity contains signs of attacks. Various mechanisms can be chosen, ranging from a simple weighted average to Bayesian networks, or more sophisticated strategies. In this paper we show how different aggregation functions can influence the detection accuracy. To mitigate these issues we propose a radically different approach: rather than treating the aggregation as a calculation, we formulate it as a decision problem, implemented through cooperative negotiation between autonomous agents. We validated the approach on a publicly available, realistic dataset, and show that it enhances the detection accuracy with respect to a system that uses elementary aggregation mechanisms.